Menu
We have written a document management system and would like to digitally sign documents using the web client. Our Java client application is already able to apply and check digital signature, but we would like to make signature even with our web client. This is written in GWT and so, when run on the client side, it is a JavaScript application.
We not want to create a Java applet and download it on the client and execute it. We would like to use the browser security device or the browser API in order to sign a document. We would also like to keep the complete document server side, and move to the client only the document hash.
We feel this should be possible using NSS or npapi/npruntime, but we did not find any information about this. (By the way, is npruntime available also in IE? Should we use ActiveX for achieving the same result with IE?)
Do you have any hints?
329
Digital Signatures can be considered as the electronic equivalent of a physical signature with ink on paper. However an electronic signature also provides certain advantages over an ink-and-paper signature.
A digital signature is exactly what it sounds like a modern alternative to signing documents with paper and pen. It uses an advanced mathematical technique to check the authenticity and integrity of digital messages and documents.
After some more googling I found the answer. Mozilla export part of its NSS module via window.crypto object. A more standard way of doing such operation is probably via DOMCrypt, that is currently discusses in W3C. Google Chrome developer will wait W3C to standardize DOMCrypt, while Microsoft require the use of an ActiveX object as explained here (this works even with Firefox/Chrome/Opera on Windows).
82
Currently (may 2016) it is not possible.
Chrome has dropped Java support. 'Windows edge' will not have. IE11 support is bad, and Oracle has decided to discontinue the java plugin. It would only be possible with Firefox, older versions of IE and the Java plugin.
The new WebCryptographyApi standard provides digital signature support for browsers, but it does not have pcks#11 support
Real e-goverment solution to solve this: 1) Install a local Java application on the user's PC. The application listens on a port as, for example 5678 2) In your page, javascript detects whether there is support for applets 3) If there is no support, connects to the application in the form http://127.0.01:5678/sign and sends the data to sign. 4) The application is local and has no trouble using the operating system keystore, which includes drivers PKCS # 11. Make digital signature and prepares the result 5) page javascript periodically query the result and retrieves it when ready
29
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
